What Documented Information ISO 45001 Requires
ISO 45001 allows flexibility in how, what, and when to document a health and safety management process element, such as systems for planning, resource management and control of documented information.
This is not only to accommodate more modern forms of communication such as video, audio, and other electronic records but to allow an organization the flexibility to re-use appropriate information, maintain current versions easier, provide broader access/distribution and reduce costs associated with documentation.
The Changed Nature of ISO Documentation
The ISO 45001 standard has removed the distinction between documents and records. Both are now called documented information.
- As defined in the terms and definition section 24, “documented information” is information required to be controlled and maintained by an organization and the medium on which it is contained.
- It, therefore, expects that you also maintain and control the medium as well as the information.
- This “documented information”, documents and records are used as evidence of conformance.
Having It Your Way (Sort of)
ISO 45001 essentially allows the organization to tailor the completeness or complexity of documentation to its own situation, as long as it still achieves its overall objectives. This approach does not, however, lessen the requirement for proper documentation. As noted in the standard, “documented information” can be required:
- When information needs to be disseminated or shared.
- To prove and retain that proof, that a process has been completed and if intended results were achieved.
- To retain knowledge relevant to the organization, including:
o Analysis/Reviews/Evaluations /Validations
o Decisions Made
o Actions taken
o Assets/Inventories/Property Management
o Position Descriptions/Qualifications
So What Is Required?
According to ISO 45001 clause 7.5.1, requires that:
- The OH&S management system includes the documented information required by the standard and documented information determined to be necessary for an effective OH&S management system.
- The extent of documented information created and updated will vary from one organization to another and will depend on the size, type of processes, products, and services.
Guidelines on what to document can include:
- Documenting critical portions of the OH&S management system, such as its scope, key operational processes, policies, and objectives
- Documenting important, but perhaps less critical information that supports the OH&S such as process flow charts, specific health and safety and operational procedures, schedules, information collection approaches, such as record keeping forms, surveys) business plans, etc.
According to ISO 45001 clause 7.5.3, requires that:
- Documented information required by the OH&S management system and the standard be controlled to ensure that it is available and suitable for use when and where it is needed, and it is properly protected from loss of integrity or improper use.
Will an OH&S Manual be required?
The short answer is that under ISO 45001 an OH&S manual will not be mandatory. The ISO/DIS 45001 standard does not specify requiring a formal OH&S manual. However, a document that can be named a manual can still satisfy the requirement for documented information concerning:
- Your OH&S policy and objectives
- The scope of the OH&S
- Information to support related health and safety activities and processes
In many cases, the information required by the OH&S will still be most convenient and accessible if collected, published and maintained through a traditional manual format.
Document Maintenance / Retention
As noted in section 7.5, the standard still applies traditional rigor in updating, protecting and retaining documents for information that has been deemed a critical part of the OH&S (and other related management systems, such as OHSAS 18001). In ISO 45001, there are many clauses that specifically call for documented information – see table below:
Required Documented Information
|The scope of OH&S available as documented information
|The OH&S policy available as documented information
|The responsibilities, accountabilities, and authorities for relevant roles are maintained as documented information
|Maintain documented information of the OH&S risks and OH&S opportunities and the processes needed to address risks and opportunities
|The methodologies and criteria for assessing OH&S risks are defined, maintained and retained as documented information
|Information on applicable legal and other requirements are maintained, retained, and updated as documented information
|The OH&S objectives and plans to achieve them are maintained and retained as documented information
|Documented information is retained as evidence of competence of workers
|Relevant OH&S communications are received and maintained as documented information
|Documented information to provide confidence that processes have been carried out as planned and determining where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives is kept
|Information on the process and on the plans for responding to potential emergency situations are maintained and retained as documented information
|Evidence of the monitoring, measurement, analysis and evaluation results are retained as documented information
|Results of the compliance evaluation are retained as documented information
|Evidence of the implementation of the audit program and the audit results is retained as documented information
|Evidence of the results of management reviews is retained as documented information
|Evidence of the nature of incidents or nonconformities and actions taken with results and effectiveness of correction is retained as documented information and communicated to relevant workers other relevant interested parties
|Evidence of the results of continual improvement efforts is retained as documented information
While ISO 45001 documentation requirements are less restrictive than in previous standards such as with OHSAS 18001:2007 (for 4.4.5 control of documents, and for 4.5.4 control of records), there are still specific instances where documented information must be recorded and retained by the organization as evidence of achieved results as noted above.
What Is Most Important
Whether an organization has an existing OH&S or is just starting with the new ISO 45001, the key is to let the processes that are used determine the documentation requirements.
If documentation that exists can be shown to support the OH&S processes effectively, then it can and should be continued to be used. If not, then the appropriate level of effort to transform or re-purpose that documentation into the proper function should be applied.
This flexibility does not, however, relieve the organization from being able to prove that it is meeting its OH&S management goals. As noted above, the standard has many instances where it calls for specific evidence of conformity. Documentation must accordingly be accurate, objective and current in this regard, and in practice, must stand up to the scrutiny that a properly executed external audit will demand.
Please note that certain text from the ISO 45001 standard is only used for instructional purposes. Standard Stores recognizes and respects the International Organization for Standardization (ISO) copyright and intellectual property guidelines.